Red Hat Security Advisory: postgresql:12 security update
Two security vulnerabilities (CVE-2025-8714 and CVE-2025-8715) affect PostgreSQL 12 on Red Hat Enterprise Linux 8.6, allowing arbitrary code execution during restore operations. Red Hat has issued an important security advisory with updates to address these issues. The vulnerabilities involve execution of arbitrary code in the restore operation of PostgreSQL. The advisory provides updated packages for Red Hat Enterprise Linux 8.6 variants. No CVSS score is provided in the advisory.
AI Analysis
Technical Summary
PostgreSQL 12 on Red Hat Enterprise Linux 8.6 is affected by two vulnerabilities (CVE-2025-8714 and CVE-2025-8715) that allow arbitrary code execution during database restore operations. These issues are addressed in the Red Hat security advisory RHSA-2025:15006, which provides updated packages to fix the vulnerabilities. The advisory rates the impact as Important (high severity). No detailed CVSS score is available in the provided data. The vulnerabilities are related to CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) and CWE-93 (Improper Neutralization of CRLF Sequences).
Potential Impact
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code during the restore operation of PostgreSQL, potentially compromising the affected system. The advisory classifies the impact as Important, indicating a high severity level. There are no known exploits in the wild at the time of publication.
Mitigation Recommendations
Red Hat has released updated packages for PostgreSQL 12 on Red Hat Enterprise Linux 8.6 to address these vulnerabilities. Users should apply the security update as described in the Red Hat advisory RHSA-2025:15006 and the referenced article https://access.redhat.com/articles/11258. Patch status is confirmed with official fixes available. No additional mitigation beyond applying the update is specified.
Red Hat Security Advisory: postgresql:12 security update
Description
Two security vulnerabilities (CVE-2025-8714 and CVE-2025-8715) affect PostgreSQL 12 on Red Hat Enterprise Linux 8.6, allowing arbitrary code execution during restore operations. Red Hat has issued an important security advisory with updates to address these issues. The vulnerabilities involve execution of arbitrary code in the restore operation of PostgreSQL. The advisory provides updated packages for Red Hat Enterprise Linux 8.6 variants. No CVSS score is provided in the advisory.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
PostgreSQL 12 on Red Hat Enterprise Linux 8.6 is affected by two vulnerabilities (CVE-2025-8714 and CVE-2025-8715) that allow arbitrary code execution during database restore operations. These issues are addressed in the Red Hat security advisory RHSA-2025:15006, which provides updated packages to fix the vulnerabilities. The advisory rates the impact as Important (high severity). No detailed CVSS score is available in the provided data. The vulnerabilities are related to CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) and CWE-93 (Improper Neutralization of CRLF Sequences).
Potential Impact
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code during the restore operation of PostgreSQL, potentially compromising the affected system. The advisory classifies the impact as Important, indicating a high severity level. There are no known exploits in the wild at the time of publication.
Mitigation Recommendations
Red Hat has released updated packages for PostgreSQL 12 on Red Hat Enterprise Linux 8.6 to address these vulnerabilities. Users should apply the security update as described in the Red Hat advisory RHSA-2025:15006 and the referenced article https://access.redhat.com/articles/11258. Patch status is confirmed with official fixes available. No additional mitigation beyond applying the update is specified.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:15006
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-8715"]
- Cvss Version
- null
Threat ID: 6a3cc29c4853345fc16d3225
Added to database: 06/25/2026, 05:54:36 UTC
Last enriched: 06/25/2026, 06:17:22 UTC
Last updated: 06/25/2026, 07:00:48 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.